Central Management Station (CMS) Introduction

中央控制架構 (CMS)

Please Note: Not all editions of software license has this feature enabled.
Check with feature matrix for more details.

請注意：並非所有版本皆具有此功能，詳情請參閱相關說明文件。

Overview

概要

In the past, NVR client (console) can connect to only one remote server.
All operation are restricted to single remote server. With the new CMS
architecture, users are allowed to connect to multiple NVR servers
simultaneously. Users are also allowed to perform live, playback, map,
configuration across multiple servers at the same time.

With the new CMS architecture and careful project designing & planning, a
fairly scalable system can be constructed, as illustrated below:

有了CMS架構，加上審慎的專案規劃，即有可能建構出一個大型可擴充之系統如下圖：

Mid-scale Surveillance System Diagram中型監視系統架構圖

Primary NVR server

主要NVR server

For the CMS architecture to work, there need to exist a primary NVR
server, which holds the information of other NVR servers (like the diagram
above). This server will be the server to connect when client is connected
from a remote site.

For middle to large scale system, managing user accounts and their passwords
could also be a challanging task. Therefore our CMS architecture offers "integrated
security", meaning that the administrator could opt to
synchronize all account information to the primary server. This spares
administrator the effort to manage different user names of different
servers.

Check to enable integrated security, which will synchronize all
account information to the primary server.

選擇是否啟用「整合式安全控管」，勾選此項將會把所有的帳號權限資訊與主要NVR server同步。

Use primary credential checkbox

Check this to use the same client-supplied password to connect to
this NVR connection, rather than the connection-supplied password.
Checking this box is generally considered more secure than non-checking.

Each NVR connection is similar to one IP camera connection. Therefore for
each NVR connection you need additional one channel license. Only
professional edition and intelligent edition qualifies the use of CMS.

一個NVR的連線就好比一個IP camera的連線一般，需要一個監看頻道的授權。並且只有專業版及智慧專業版適用CMS架構。

Let's use an example scenario in the following diagram. A primary NVR
server connects to 2 child NVR servers, which individually has two IP
cameras connected. The small blue box highlights the license requirements.
This example requires 6-channel license installed in a way that Primary
NVR server has two channels, NVR server 1 has two channels,
and NVR server 2 also has two channels.

Genius Vision CMS server is no different than the NVR server. Genius
Vision CMS client is also the same as the NVR client. All operations,
including maps, alarm processing, live & playback, permission control, can all
be performed from a remote location.

In the main console left panel, click "Cfg. System", like the following
picture:

在主畫面的左邊控制版上，按"Cfg. System"，如下圖：

Following system configuration window will appear.

如下圖的對話窗將出現：

Click on the "Users" node as highlighted in the picture above. All
users and groups will expand immediately.

點選"Users" 節點，如下圖所標示之處，點選後使用者及群組將自動展開。

You may then click on the specific user or group to modify their information.
Or you can click "New User" or "New User Group" to create new users or new
groups. For more detailed information about permission control, please follow
links below:

As the channel name must be unique throughout the domain (the entire
domain that is reachable from the primary NVR server), connecting two NVRs
with some channels having the same name causes name conflicts.

Our system has a way to automatically resolve name conflicts, in order to
make the system to continue functioning properly. However, such conflicts
will render only one of the channels with the same name usable. Thus all
accessible channels keeps their names unique throughout the domain. (This is
how we call that one channel is obsecured by another, rendering it
inaccessible, due to duplicated names).

Though the system is equipped with automatic resolution of name
conflicts, configuring your system with duplicated channel names is highly
unrecommended. Such configuration could easily causes user misunderstanding.

因此雖本系統可自動解決名稱衝突，但如此的設定實務上應該適當避免之，以免讓使用者產生不必要的誤解。

This can be illustrated in the following diagram. In this example there
are two cameras both named "Cam001". As a result of name conflict,
the CMS will only be able to access one of them, the "Cam001"
inside "NVR server 1". The "Cam001" inside "NVR
server 2" will not be accessible (hidden) from user. (Unless the first
Cam001 is removed from "NVR server 1", or the "NVR
server 1" is removed from the CMS)

Select the target child NVR (in this example, the child NVR called ALEE),
and click "Edit".

After clicking "Edit" in previous screen, a second configuration dialog
pops-up. This is the child NVR configuration window. Now click to the
"Channels" node. You are now able to perform all channel configuration
operations in this child NVR.

There are two types of NVR connection, in the sense of the credentials used.
To illustrate this, let's suppose we have a CMS structure as follows:

The two child NVR connection is configured to connect as "admin",
which usually has the highest privillege. This kind of configuration is usually
a necessary scenario because the primary NVR server needs to have enough access
to the child NVR to perform management tasks.

However when a user logon, there could be two kinds of scenarios, described
in the following table (notice the yellow highlighted differences) :

Diagram

Pros

Cons

Scenario 1: Use user supplied credentials

Higher security

More difficult to configure.

Scenario 2: Use connection supplied credentials

Lower security

Easier to configure

Because of the existence of the two possibilities, an option exist to let the
administrator to choose the type of connection when setting up a child NVR
connection, the "Use primary credential" checkbox in the NVR connectivity
dialog:

When the checkbox is checked, the connection uses "Scenario 1: Use
user supplied credentials", when it's unchecked, "Scenario 2:
Use connection supplied credentials" is used.

If you would like to configure your system to be publicly accessible, then
all NVR nodes in your system should have public IP addresses. This is because a
client connects to child NVR directly, rather than passing-through the primary
NVR:

Configuration

Note that IP cameras connected to child NVRs are allowed to
configured to private IP, while still accessible by remote client. This is
because client accesses IP camera (live/playback, etc) through NVR. This is what
happens when client actually connects to the system:

Following is an incorrect configuration example:

Note in this example, NVR server 1 and 2 are configured as private
IP address. This will make client have trouble connecting to the IP camera
inside:

However if a client is connecting from inside the private
network, then this configuration is workable:

CMS can be remotely accessed: Metadata like maps or
trigger policies can be stored in a central location. User can logon to CMS
from any remote computer and still be able to access to the preconfigured map data
with rich GUI.

CMS run as a server monitor: This architecture treats
the CMS server a daemon process (without GUI) that runs in background. So even when no user is monitoring anything, the daemon process can
still be configured to monitor events by rules. This provides great
flexibilities to plan complex projects.

Architectural uniformity: Such architecture is directly
expandable from original client/server architecture. Our system can scale
from a single computer (self-fulfilled client/server) into a large-scale
multi-location enterprise system, all in the same architecture. Such
architecture reduces the possibility that some functions are used less than
others because they are only used in large-scale system, and thus lack
proper testing.